iso/iec jtc 1/sc 27 it security techniques business forum
TRANSCRIPT
ISO/IEC JTC 1/SC 27IT Security Techniques
Business ForumGjøvik, Norway
Gjøvik, October 4, 2018 | Dr. Andreas Wolf | [email protected]
ISO/IEC JTC 1/SC 27 2Gjøvik, October 4, 2018
THANK YOU
Thanks to the hosts of the ISO/IEC JTC 1/SC 27 Working Group Meeting:• Standards Norway and its Managing Director Jacob Mehus• Norwegian University of Science and Technology NTNU, in particular the
Gjøvik campus• To all hard-working people here in Gjøvik who made this event possibleThanks to all sponsors, their contribution is highly appreciated. Without their support, our work would be much more complicated.
ISO/IEC JTC 1/SC 27 3Gjøvik, October 4, 2018
SC27 AND INDUSTRY
• SC 27 is nothing without the industry, and SC 27 is essential for the industry.
• Why? Consider some examples illustrating the need for security/safety. • The first steam engines often exploded, engineers created and
implemented safety principles, afterwards use of steam engines was safe.
• The first cars have been complicated machines, driving was not easy. Nowadays cars just work.
• Now computers are “just there” and need to be secure and safe to allow for a really mature technology, this includes IT security and privacy aspects.
ISO/IEC JTC 1/SC 27 4Gjøvik, October 4, 2018
SC 27 MISSION
SC 27 is an internationally recognized centre of information and IT security standards expertise serving the needs of business sectors as well as governments. Its work covers the development of standards for the protection of information and ICT. This includes requirements, methods, techniques and guidelines to address aspects of both security and privacy in regard to: • Information security management systems (ISMS) • Cryptographic and security mechanisms• Security evaluation, testing and specification • Security controls and services• Identity management and privacy technologies
ISO/IEC JTC 1/SC 27 7Gjøvik, October 4, 2018
HISTORY
• The first predecessor of SC 27 was ISO/TC 97 founded in the early 80‘s.• Out of TC 97, ISO/TC 97/SC 20 was developed.• Later, SC 20 was moved to the newly founded JTC 1.• In 1989, SC 27 was established and took over work items from the
disbanded SC 20.• At this time, SC 27 started with 18 P-members.
ISO/IEC JTC 1/SC 27 9Gjøvik, October 4, 2018
SC 27 TODAY
• Part of ISO/IEC JTC 1 Information Technology• 51 P-members and 26 O-members• ~ 80 liaisons• 182 published standards• 72 running standardization projects• Some of the most popular standards come from SC 27
• ISO/IEC 27000 family on ISMS• ISO/IEC 15408 and ISO/IEC 18045 on CC
• SC 27 is open to cover future technologies
ISO/IEC JTC 1/SC 27 10Gjøvik, October 4, 2018
FROM WUHAN TO GJØVIK
Distinctions• Wuhan finished April 24, in Gjøvik starts September 30, 158 days later• 7748 km between WUH and OSL (1/5 circumference of the earth)• Much lower temperatures in Gjøvik• Much larger city in Wuhan (7541527 vs. 30294)Similarities• Excellent working conditions• Nice environment• Same people, two NTNU professors come from Wuhan: Prof. Lizhen
Huang (Manufacturing and Civil Engineering) and Prof. Bian Yang (Information Security and Communication Technology)
ISO/IEC JTC 1/SC 27 11Gjøvik, October 4, 2018
Last time I was in Gjøvik was for SC 37 in July 2015.The social event was a boat tour with the beautiful Skibladner (build 1856) at Lake Mjøsa. It was raining all day that day, but just in time for the boattour we got good weather.
ISO/IEC JTC 1/SC 27 12Gjøvik, October 4, 2018
Fjellhall (build 1994 for theLillehammer Olympics) was thesight in Gjøvik where the SC 27 social event takes place.